Core Insights - The security industry is transitioning from rapid integration of large models to a more in-depth "practical" phase, necessitating the development of vertical large models tailored for the security domain [1] - 360 Group is focusing on achieving superior performance of small parameter models in specialized scenarios compared to general large models, aiming for breakthroughs in practical effectiveness and efficiency [3] Group 1: Model Development and Innovation - The approach involves categorizing security tasks into "fast thinking" and "slow thinking" tasks, allowing for targeted processing and comprehensive application [1] - The "fast thinking" tasks leverage large models' ability to make intuitive judgments based on vast amounts of labeled data, while "slow thinking" tasks require deep reasoning and complex analysis [1] - The first phase of development focuses on single security tasks, creating specialized models for unique data and task attributes, exemplified by a terminal behavior multi-modal judgment model achieving a 99.42% accuracy rate [3] Group 2: Multi-Model Coordination - The second phase introduces a "CoE" (Center of Excellence) large model architecture, which allows for modular integration of different expert partitions, optimizing parameter usage and reducing application costs [3] - This architecture addresses the challenges of multi-model collaboration by enabling selective activation of parameters during task execution [3] Group 3: Training Framework Innovation - The third phase emphasizes innovation in training frameworks, with the introduction of the first open-source RL-LoRA training framework, developed in collaboration with Berkeley BAIR Lab [4] - This framework significantly reduces memory and bandwidth costs, enhancing training efficiency and reducing training cycles [4]